I don't have a collector in my lab but you should have a dropdown menu
on the credentials page. It will be in the same place as the red square
below. If you select collector here, you only need to allow connections
on tcp/22 from the collector.
Make sure that you have the correct column settings to be able to see
the policy number. It seems that the destination of policy 20 is ALL.
It should be a policy related to the SSLVPN. You need to make it more
specific so that it only sends the req...
FortiConverter has support for Sophos conversions as far as i can tell:
https://docs.fortinet.com/document/forticonverter/7.0.4/online-help/571690/sophos-conversion
Alternatively, Fortinet professional services should be able to help
out. Thanks
For a BGP solution, you should look into route dampening. Here is an
example from a Fortiswitch document. However, the theory would be the
same for a FortiGate.
https://docs.fortinet.com/document/fortiswitch/7.2.7/administration-guide/939736/troubles...